Private action runner add node selection #1896

Merged
4 changes: 4 additions & 0 deletions charts/private-action-runner/CHANGELOG.md
@@ -1,5 +1,9 @@
# Datadog changelog

## 1.2.2

* Add customizable nodeSelector, tolerations, affinity for the private action runner deployment.

## 1.2.1

* Bump runner version to `v1.4.0`
2 changes: 1 addition & 1 deletion charts/private-action-runner/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: private-action-runner
description: A Helm chart to deploy the private action runner

type: application
version: 1.2.1
version: 1.2.2
appVersion: "v1.4.0"
keywords:
- app builder
5 changes: 4 additions & 1 deletion charts/private-action-runner/README.md
@@ -1,6 +1,6 @@
# Datadog Private Action Runner

![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)
![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)

## Overview

Expand Down Expand Up @@ -219,6 +219,7 @@ If actions requiring credentials fail:
| fullnameOverride | string | `""` | Override the full qualified app name |
| image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v1.4.0"}` | Current Datadog Private Action Runner image |
| nameOverride | string | `""` | Override name of app |
| runner.affinity | object | `{}` | Kubernetes affinity settings for the runner pods |
| runner.config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner |
| runner.config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute |
| runner.config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app |
Expand Down Expand Up @@ -254,9 +255,11 @@ If actions requiring credentials fail:
| runner.kubernetesActions.services | list | `[]` | Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") |
| runner.kubernetesActions.statefulSets | list | `[]` | Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") |
| runner.kubernetesPermissions | list | `[]` | Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) |
| runner.nodeSelector | object | `{}` | Allow the private action runner pods to schedule on selected nodes |
| runner.replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner |
| runner.resources | object | `{"limits":{"cpu":"250m","memory":"1Gi"},"requests":{"cpu":"250m","memory":"1Gi"}}` | Resource requirements for the Datadog Private Action Runner container |
| runner.resources.limits | object | `{"cpu":"250m","memory":"1Gi"}` | Resource limits for the runner container |
| runner.resources.requests | object | `{"cpu":"250m","memory":"1Gi"}` | Resource requests for the runner container |
| runner.roleType | string | `"Role"` | Type of kubernetes role to create (either "Role" or "ClusterRole") |
| runner.runnerIdentitySecret | string | `""` | Reference to a kubernetes secrets that contains the runner identity |
| runner.tolerations | list | `[]` | Tolerations to allow scheduling runner pods on nodes with taints |
12 changes: 12 additions & 0 deletions charts/private-action-runner/templates/deployment.yaml
Expand Up @@ -43,6 +43,18 @@ spec:
- secretRef:
name: {{ $.Values.runner.runnerIdentitySecret }}
{{- end }}
{{- with .Values.runner.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.runner.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.runner.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: secrets
secret:
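Review bot: The three new `with` blocks read `.Values.runner.nodeSelector`, `.Values.runner.affinity` and `.Values.runner.tolerations`, while the context line just above them uses `$.Values.runner.runnerIdentitySecret`. If this part of the template is ever evaluated inside a `range` or `with` scope, `.Values` will not resolve, so using the `$.Values` form in all three keeps the file consistent and scope-safe. Since the values are rendered verbatim with `toYaml`, a template comment saying that the chart places no limit on which taints the runner pod may tolerate would also help whoever reviews a values file for this deployment.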
15 changes: 15 additions & 0 deletions charts/private-action-runner/values.schema.json
Expand Up @@ -89,6 +89,21 @@
"type": "object"
}
},
"nodeSelector": {
"type": "object",
"description": "Key Value pairs of node labels used to select nodes for scheduling the runner pods"
},
"affinity": {
"type": "object",
"description": "Kubernetes affinity settings for the runner pods"
},
"tolerations": {
"type": "array",
"description": "Tolerations to allow scheduling runner pods on nodes with taints",
"items": {
"type": "object"
}
},
"runnerIdentitySecret": {
"type": "string",
"description": "Name of the secret containing the runner's identity"
6 changes: 6 additions & 0 deletions charts/private-action-runner/values.yaml
Expand Up @@ -38,6 +38,12 @@ runner:
actionsAllowlist: []
# -- Environment variables to be passed to the Datadog Private Action Runner
env: []
# -- Allow the private action runner pods to schedule on selected nodes
nodeSelector: {}
# -- Kubernetes affinity settings for the runner pods
affinity: {}
# -- Tolerations to allow scheduling runner pods on nodes with taints
tolerations: []
# -- Reference to a kubernetes secrets that contains the runner identity
runnerIdentitySecret: ""
# -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account
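Review bot: The comments on the new `nodeSelector`, `affinity` and `tolerations` keys give no example of the expected shape, and the `nodeSelector` comment ("Allow the private action runner pods to schedule on selected nodes") differs from the description in `values.schema.json` ("Key Value pairs of node labels used to select nodes for scheduling the runner pods"). Aligning the two and adding a short commented example under each key would help; the README row for `runner.nodeSelector` carries the same text, so it should change with it.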
10 changes: 5 additions & 5 deletions test/private-action-runner/__snapshot__/config-overrides.yaml
Expand Up @@ -77,7 +77,7 @@ metadata:
name: custom-full-name
namespace: datadog-agent
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: override-test
app.kubernetes.io/version: "v1.4.0"
Expand All @@ -92,13 +92,13 @@ spec:
template:
metadata:
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: override-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
annotations:
checksum/values: dd6e972057ae5e597c61d1a115df6901a507699723425bd1749c8bb766f96e59
checksum/values: 5ec29c3fb96081a9962733ad682ce7a7d6c90b6607fab4f53307f89f1c69a980
spec:
serviceAccountName: custom-full-name
containers:
Expand All @@ -118,12 +118,12 @@ spec:
volumeMounts:
- name: secrets
mountPath: /etc/dd-action-runner
env:
env:
- name: FOO
value: foo
- name: BAR
value: bar
volumes:
- name: secrets
secret:
secretName: custom-full-name
secretName: custom-full-name
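Review bot: In this hunk `env:` and `secretName: custom-full-name` show as removed and re-added with no visible difference, which points to a whitespace or end-of-file newline change rather than a content change. If that comes from regenerating the snapshot, fine; otherwise drop it so that the snapshot diff carries only the `helm.sh/chart` label and `checksum/values` updates.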
139 changes: 139 additions & 0 deletions test/private-action-runner/__snapshot__/custom-pod-scheduling.yaml
@@ -0,0 +1,139 @@
---
# Source: private-action-runner/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
---
# Source: private-action-runner/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
stringData:
config.yaml: |
ddBaseURL: https://app.datadoghq.com
urn: CHANGE_ME_URN_FROM_CONFIG
privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG
modes:
- workflowAutomation
- appBuilder
port: 9016
actionsAllowlist:
- com.datadoghq.kubernetes.core.getPod
- com.datadoghq.kubernetes.core.listPod
---
# Source: private-action-runner/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: datadog-agent
name: resources-test-private-action-runner
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
---
# Source: private-action-runner/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: resources-test-private-action-runner
subjects:
- kind: ServiceAccount
name: resources-test-private-action-runner
namespace: datadog-agent
---
# Source: private-action-runner/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
spec:
selector:
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
ports:
- name: http
port: 9016
targetPort: 9016
---
# Source: private-action-runner/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
labels:
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
spec:
minReadySeconds: 10
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
template:
metadata:
labels:
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
annotations:
checksum/values: efd72170c12dfc431c95c216061404eb4cf2b67bd26d6aa18d44f544022634c5
spec:
serviceAccountName: resources-test-private-action-runner
containers:
- name: runner
image: "gcr.io/datadoghq/private-action-runner:v1.4.0"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9016
resources:
limits:
cpu: 250m
memory: 1Gi
requests:
cpu: 250m
memory: 1Gi
volumeMounts:
- name: secrets
mountPath: /etc/dd-action-runner
nodeSelector:
kubernetes.io/os: linux
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
tolerations:
- effect: NoSchedule
key: taint.custom.com/key
operator: Exists
volumes:
- name: secrets
secret:
secretName: resources-test-private-action-runner
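Review bot: The new snapshot is named `custom-pod-scheduling.yaml`, but every resource in it is rendered with the release name `resources-test` (`app.kubernetes.io/instance: resources-test`), which reads as copied from the resources test; the other snapshots use one release name per case (`default-test`, `override-test`, `kubernetes-test`). A distinct name would keep a failing snapshot attributable to the right test. The rendered output also includes a `Role` and an `actionsAllowlist` with `getPod` and `listPod`, which are unrelated to scheduling; trimming the test values to `nodeSelector`, `affinity` and `tolerations` would keep the snapshot focused on what this change adds.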
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ metadata:
name: resources-test-private-action-runner
namespace: datadog-agent
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
app.kubernetes.io/version: "v1.4.0"
Expand All @@ -92,13 +92,13 @@ spec:
template:
metadata:
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: resources-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
annotations:
checksum/values: 3eaa0c28d5d5b6c90c67730d4e75c84f6aa0835da7ce33819e191dfb0c90472b
checksum/values: d763c657f165984896697eea8bec32e2692a667c08fc31e28d745c69dea8510e
spec:
serviceAccountName: resources-test-private-action-runner
containers:
Expand All @@ -121,4 +121,4 @@ spec:
volumes:
- name: secrets
secret:
secretName: resources-test-private-action-runner
secretName: resources-test-private-action-runner
8 changes: 4 additions & 4 deletions test/private-action-runner/__snapshot__/default.yaml
Expand Up @@ -77,7 +77,7 @@ metadata:
name: default-test-private-action-runner
namespace: datadog-agent
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: default-test
app.kubernetes.io/version: "v1.4.0"
Expand All @@ -92,13 +92,13 @@ spec:
template:
metadata:
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: default-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
annotations:
checksum/values: d770b7f99297eb2e3301c6e4ee385d951571b948da009dacff8d23cefb4099b5
checksum/values: ab55de272f50fa621c0d1a9f460edb478560acd84e23cf2f667b9adf36d40875
spec:
serviceAccountName: default-test-private-action-runner
containers:
Expand All @@ -121,4 +121,4 @@ spec:
volumes:
- name: secrets
secret:
secretName: default-test-private-action-runner
secretName: default-test-private-action-runner
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ metadata:
name: kubernetes-test-private-action-runner
namespace: datadog-agent
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: kubernetes-test
app.kubernetes.io/version: "v1.4.0"
Expand All @@ -145,13 +145,13 @@ spec:
template:
metadata:
labels:
helm.sh/chart: private-action-runner-1.2.1
helm.sh/chart: private-action-runner-1.2.2
app.kubernetes.io/name: private-action-runner
app.kubernetes.io/instance: kubernetes-test
app.kubernetes.io/version: "v1.4.0"
app.kubernetes.io/managed-by: Helm
annotations:
checksum/values: 4c4d2095b29522d3889aeb0c0b63ec242979f69f6bbf8edd7acec519f77d2794
checksum/values: a33b417594160b6ea96139aa9a52eb829fe55c67ad0ad09e810461a2ed06e04a
spec:
serviceAccountName: kubernetes-test-private-action-runner
containers:
Expand All @@ -174,4 +174,4 @@ spec:
volumes:
- name: secrets
secret:
secretName: kubernetes-test-private-action-runner
secretName: kubernetes-test-private-action-runner